|
|
@@ -1326,7 +1326,8 @@ int wma_nan_rsp_event_handler(void *handle, uint8_t *event_buf,
|
|
|
alloc_len = sizeof(tSirNanEvent);
|
|
|
alloc_len += nan_rsp_event_hdr->data_len;
|
|
|
if (nan_rsp_event_hdr->data_len > ((WMI_SVC_MSG_MAX_SIZE -
|
|
|
- sizeof(*nan_rsp_event_hdr)) / sizeof(uint8_t))) {
|
|
|
+ sizeof(*nan_rsp_event_hdr)) / sizeof(uint8_t)) ||
|
|
|
+ nan_rsp_event_hdr->data_len > param_buf->num_data) {
|
|
|
WMA_LOGE("excess data length:%d", nan_rsp_event_hdr->data_len);
|
|
|
QDF_ASSERT(0);
|
|
|
return -EINVAL;
|
Himanshu Agarwal